From 2397de7d1d5a2617b9a72e087d4514c7203a3e21 Mon Sep 17 00:00:00 2001 From: ale Date: Sun, 29 Dec 2013 16:55:56 +0000 Subject: [PATCH] allow specifying nsCertType in config --- cam/ca.py | 2 +- cam/templates/ext_config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cam/ca.py b/cam/ca.py index a19835f..f8a202f 100644 --- a/cam/ca.py +++ b/cam/ca.py @@ -169,7 +169,7 @@ class CA(object): csr_file = os.path.join(tmpdir, '%s.csr' % cert.name) conf_file = os.path.join(tmpdir, '%s.conf' % cert.name) ext_file = os.path.join(tmpdir, '%s-ext.conf' % cert.name) - conf = {} + conf = {'usage': 'client, server'} conf.update(self.config) conf['cn'] = cert.cn conf['days'] = cert.days or self.config['default_days'] diff --git a/cam/templates/ext_config b/cam/templates/ext_config index 596e406..486c087 100644 --- a/cam/templates/ext_config +++ b/cam/templates/ext_config @@ -1,5 +1,5 @@ basicConstraints = CA:false -nsCertType = client, server +nsCertType = %(usage)s keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = clientAuth, serverAuth subjectKeyIdentifier = hash -- 2.20.1